Follow_up to: Malware/Trojan Disabling Browser Access, Do not know how to remove it


#1 mswertfager



Posted 30 May 2009 - 02:28 PM


This is a help to posting http://www.bleepingcomputer.com/forums/t/230422/malwaretrojan-disabling-browser-access/

I ran into this last night as well...I solved this or made serious headway! Hope this helps.
From reading this posting http://answers.yahoo.com/question/index?qi...02193242AAxAckV I looked into the Google profile directory (the article above shows where it is) and found a suspicious new.exe that was installed at the time I got infected via my browser...in your list of apps starting, I see you have it too; it is "uqrke8412012.exe"

This is what I am doing:
- Rebooting in SafeMode.
- Locate the file, write down the date and time it was created (to use as a search across my drive to find any other files created at that time)
- Deleting using Shift-Delete (to skip the recycle bin)
- Researching the drive for anything created/altered at the same time and renaming the malicious looking ones (found a bunch in my Windows/prefetch directory. This dir apparently can be deleted and rebuilt by Windows according to this article: http://www.pcmag.com/article2/0,2817,1683520,00.asp. So, I renamed the directory.)
- Then rebooting in regular mode.

This looked to be working. I was able to reboot without the false warning of the Win32.Brontok worm. And, I am now able to install Norton 360 (with anti-virus)...which it was blocking before.

Good luck. I will reply with any new discoveries through the day.
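
The time-based search described in the post above can be scripted. The following is an added example, not part of the original post: it only lists files whose created or modified time falls within a window around a reference time and changes nothing on disk. The function names, the 10-minute window and the demo file names and date are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime

def file_times(path):
    """Return (created, modified) epoch timestamps for path."""
    st = os.stat(path, follow_symlinks=False)
    # st_birthtime is the creation time where the platform exposes it;
    # otherwise fall back to st_ctime (creation time on older Windows
    # Pythons, inode-change time on Linux).
    return getattr(st, "st_birthtime", st.st_ctime), st.st_mtime

def find_near(root, reference_ts, window_minutes=10):
    """List (path, labels) for files created or modified near reference_ts."""
    window = window_minutes * 60
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                created, modified = file_times(path)
            except OSError:
                continue  # locked, unreadable or removed mid-scan
            labels = [label for label, ts in
                      (("created", created), ("modified", modified))
                      if abs(ts - reference_ts) <= window]
            if labels:
                hits.append((path, labels))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed demo: three empty files with modification times set
    # around a made-up reference time, standing in for a real drive.
    ref = datetime(2009, 5, 29, 22, 0).timestamp()
    with tempfile.TemporaryDirectory() as root:
        for name, offset in (("suspect.exe", 0), ("neighbor.pf", 300),
                             ("old.txt", -86400)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.utime(path, (ref + offset, ref + offset))
        for path, labels in find_near(root, ref):
            print(os.path.basename(path), ",".join(labels))
```

On a real system, pass the drive root and the timestamp noted from the suspicious file; timestamps can be altered by malware, so treat the hits as leads to review rather than a complete list.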
